1. Introduction:
Globalization and advancements in the internet and information technology laid paths to new ways of communication. Countries separated through oceans united through Internet and Web. Gone are the days where data and information was stored on papers. Now, everything is stored electronically which is more reliable and secure.
As the data is growing in multiple folds, Security issues are also growing at the same speed raising the concerns about its security. Though, Regulatory bodies have come up with strict guidelines and policies with constant amendments being made to keep the data and information secure and preventing it from falling into wrong hand, still data breaches continue to happen putting the people and businesses at great risks.
Hence, it is the hour of the need that data must be secured at the root level and Data Encryption fits appropriately in accomplishing this task and protects data at rest.
This paper focuses on Database encryption for database security, different methods and levels of database encryption and its advantages over other methods of data protection.
It also discusses on the performance issues associated with data encryption and best practices to minimize the performance over head on the database server due to encryption.
2. Database security - Encryption:
Database security is securing the data on a centralized database against the compromises of their confidentiality, integrity and availability. It is achieved through various information security controls or processes which include Access control, Authentication, Auditing, Integrity controls, backups and Encryption.
Databases have been protected at a higher level through network security measures such as firewalls and n...
... middle of paper ...
.... doi:10.1109/TPDS.2013.154
3. Sharma, M., Chaudhary, A., & Kumar, S. (2013) Query Processing Performance and Searching over Encrypted Data by using an Efficient Algorithm. International Journal of Computer Applications 62(10), 4, 5-8. doi: arXiv:1308.4687v1 [cs.DB]
4. Oracle Corporation. (2012). Transparent Data Encryption Best Practices. Retrieved from http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf
5. Hsueh, S. Microsoft Corporation. (2008). Database Encryption in SQL Server 2008 Enterprise Edition. Retrieved from http://technet.microsoft.com/enus/library/cc278098(v=sql.100).aspx
6. Keshavamurthy, B., Khan, A., & Toshniwal, D. (2013). Privacy preserving association rule mining over distributed databases using genetic algorithm. Neural Computing & Applications, 22351-364. doi:10.1007/s00521-013-1343-9.
Encryption is a strategy for changing data on a computer in a manner that it gets to be distinctly incomprehensible regardless of the possibility that somebody can access a PC with individual information on it.
..., Nicholas G. 2010. “Past, Present, and Future Methods of Cryptography and Data Encryption.” Department of Electrical and Computer Engineering
This type of encryption key administration is to create an extra key for decoding the data and is kept secure in escrow by an authorised 3rd party. We can also call this as a backup key or split-key. This kind of encryption method is been using to recover the data if a user forgot the password.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
For an in-depth defence approach, case study provides a series of things that describe about what is working nowadays for a secure data.
Internet can give out a lot of advantages and new things to learn and experience, but it carries a risk of personal information leakage. Even a simple browsing history can show our most private interests. Hence, there are laws and legislation made to protect the confidential information. It acts as the barrier and protector against any unwanted outflow of information to computer criminals.
Data encryption refers to the process of transforming electronic information into a scrambled form that can only be read by someone who knows how to translate the code. In nowadays business world, it’s the easiest and most practical way to secure the information that we stored and processed, and it’s significant for our sensitive information. For example, as electronic commerce is popular now, the vendors and retailers must protect the customers’ personal information from hackers or competitors. They also have many business files or contracts that need to be strictly protected. Without data encryption, these important information may fall into wrong hands and be misused by others. Besides, data encryption may be used to secure sensitive information that exists on company networks, or create digital signatures, and help to authorize in business. No one should underestimate the importance of encryption. A little mistake in encryption may make sensitive information revealing, or even result in illegal and criminal accuse.
Inconsistently storing organization data creates a lot of issues, a poor database design can cause security, integrity and normalization related issues. Majority of these issues are due to redundancy and weak data integrity and irregular storage, it is an ongoing challenge for every organization and it is important for organization and DBA to build logical, conceptual and efficient design for database. In today’s complex database systems Normalization, Data Integrity and security plays a key role. Normalization as design approach helps to minimize data redundancy and optimizes data structure by systematically and properly placing data in to appropriate groupings, a successful normalize designed follows “First Normalization Flow”, “Second Normalization Flow” and “Third Normalization flow”. Data integrity helps to increase accuracy and consistency of data over its entire life cycle, it also help keep track of database objects and ensure that each object is created, formatted and maintained properly. It is critical aspect of database design which involves “Database Structure Integrity” and “Semantic data Integrity”. Database Security is another high priority and critical issue for every organization, data breaches continue to dominate business and IT, building a secure system is as much important like Normalization and Data Integrity. Secure system helps to protect data from unauthorized users, data masking and data encryption are preferred technology used by DBA to protect data.
In the past, most of the databases were centralized, protected, and kept in a one location using a complicated database system known as centralized database. Nowadays, with the new technology of personal computers and cell phones, a new sort of database has appeared, and it seems that majority of people are pleasant with it, even if their private data is split everywhere. Many enterprises had changed their databases from the centralized databases, into the distributed database system, since it meets the demand of accessing and processing the data in the organization. Distributed database technology is considered as one of the most remarkable developments in this century (Ozsu, 1991; Rahimi & Haug, 2010; Cain, 2012). Distributed databases are basically a collection of databases that are divided on multiple computers which are connected logically but located in different physical locations, and each site manages its own local data. In contrast, centralized database is a database that is located in a one location and it is considered as a big single database (Connolly & Begg, 2010).
In this era when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for security becomes a tremendously important issue to deal with, So it is important to deal with it. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. Cryptography is the science of writing in secret code and is an ancient art; In the old age people use to send encoded message which can be understand by the receiver only who know the symbolic and relative meaning of that encoded message .The first documented use of cryptography in writing dates back to circa 1900 B.C. Egyptian scribe used non-standard hieroglyphs in an inscription. After writing was invented cryptography appeared spontaneously with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In telecommunications and data cryptography is necessary when communicating in any untrusted medium, which includes any network, particularly the Internet [1].Within the context of any application-to-application communication, there are some security requirements, including:
Days, months, and years go by and we do not notice them. Living in such a busy world, we are not always aware of the changes in our lives. Twenty years ago, if someone was told we would be able to buy groceries, pay our bills, buy stocks or even a car through the use of a computer, we might have laughed and blamed too much science fiction television for such wild accusations. However, as the next generation of children grows up, they may find it funny that people still send letters to each other through the post office. The development of the Internet has given us the ability to communicate and exchange information instantly across vast distances. The Internet has caused a huge impact in the communication field, and has made our way of living and working a lot easier, faster, and cheaper than before.
In this research paper I want to shed light on encryption. After careful research it becomes clear that encryption has been around for centuries and used in various ways. There are two distinct methods of encryption: Public Key and Private Key. Each comes with its own set of pros and cons but Private Key is the more widely used method. Laws have been put into place to sanction the use of encryption products and devices. Information has been gathered from several different sources to also explain how encryption has impacted the past and how it will continue to shape our futures.
The internet has revolutionized all forms of communication since the beginning of its existence. The world has now become smaller' or more like a global village', so to speak. The internet was first used by the U.S military for communications purposes. The internet, from the communication point of view, has brought on new developments and techniques to keep in touch not only for individuals, but for businesses as well. An example of how the internet has impacted communication would be an example of doctors now communicating through live video feeds via the internet with patients or other doctors to diagnose patients or to even guide and advise surgeons through complicated procedures.
The DBMS has a function that can be differentiate from the information retrieval system. The DBMS have the ability to store, update and retrieve the data. This is the main function of the DBMS because the database can be used if there is any record is being stored into the database. The record need to be retrieve first, then it can be change by the database administrator as it will be the record has been updated. The DBMS will protect the structure of the data structure.
The advent of the internet has allowed the world to be more connected and up-to-date on events from all over the world.